Oracle Solarios 11 System Administration (Configuring Zones and the Virtual Network)

•
ESTÁCIO

Gean Kevin Fioramonte
31/05/2021
E aí, curtiu este material?
Ajude a incentivar outros estudantes a melhorar o conteúdo
Gostou desse material? Compartilhe! 🧡
Oracle

338 Materiais compartilhados
Baixe o app para aproveitar ainda mais
Leia os materiais offline, sem usar a internet. Além de vários outros recursos!
Prévia do material em texto
C fi i Z d th Vi t l N t kConfiguring Zones and the Virtual Network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Objectives
After completing this lesson, you should be able to:
• Implement a plan to configure Oracle Solaris zones with a 
virtual network
• Create a virtual networkCreate a virtual network
• Configure Oracle Solaris zones to use VNICs
• Allocate resources to an Oracle Solaris zone 
• Manage virtual network resources
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 2
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Workflow Orientation
AI INSTALL
IPS
DATA
STORAGE
MONITORING
RESOURCE
EVALUATION STORAGE
NETWORK
CONFIGURATION
PROCESSES
ENTERPRISE
DATACENTER
EVALUATION
SERVICES
PRIVILEGES
AUDITING
NETWORK
VIRTUALIZATION
Before you begin the lesson, orient yourself in the job workflow. You have successfully 
installed the operating system by using AI, created a local IPS repository, set up the storage 
environment for your company’s business application data, and configured the physical 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
network. Now you are ready to enter the world of virtualization. An increasing number of 
companies are benefiting from the cost savings that virtualization offers. As a system 
administrator, you will be expected to know how to support your company’s virtualization 
needs and requirements, including setting up virtual networks and zones.
Oracle Solaris 11 Advanced System Administration 6 - 3
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Lesson Agenda
• Planning for a Virtual Network and Zones
• Creating a Virtual Network
• Configuring Zones to Use VNICs
• Allocating and Managing System Resources in a Zone• Allocating and Managing System Resources in a Zone
• Managing Resources on the Virtual Network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 4
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Planning for a Virtual Network and Zones
• Identify the virtual network configuration:
– Virtual switch or etherstub
– Number of VNICs and name assignments
• Identify the zone configuration:Identify the zone configuration:
– Number of zones
– Zone configuration details
– Zone and VNIC assignments
• Identify the requirements for allocating system resources 
to zonesto zones.
• Identify the requirements for managing virtual network 
resources.
Your company is exploring ways to improve system and network efficiency and performance. 
They have heard of the cost-saving benefits of using Oracle Solaris zones to consolidate 
multiple applications that are running on many systems to a single system, and using the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
virtual network technology to expand a single system’s network interface capacity. Your 
company now wants to test configuring zones on a virtual network. 
The plan for implementing a virtual network includes identifying the virtual network 
configuration, including whether to create the virtual network with a virtual switch or etherstub, 
how many virtual network interfaces (VNICs) to create, and what to call each VNIC. The plan 
also identifies how many zones to configure, how to configure the zones, and what the zone-
to-VNIC assignments areto VNIC assignments are. 
In addition, your company wants to investigate allocating system resources, such as CPUs 
and memory, to the zones that use the Oracle Solaris 11 resource control features, 
specifically resource pools and resource capping. Finally, the plan identifies the requirements 
for implementing virtual network resource management. As part of the network efficiency and 
performance initiative, your company wants to be able to control and manage its virtual 
network resources. They are specifically interested in testing the use of flows. In the following 
lid i t d d t i t l t k d h t fi t i t lslides, you are introduced to virtual networks and how to configure zones to use a virtual 
network. You are also introduced to resource pools and capping, and how to manage virtual 
network resources by using flows.
Oracle Solaris 11 Advanced System Administration 6 - 5
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Network Virtualization and Virtual Networks
• Network virtualization
– Is the process of combining hardware network resources and 
software network resources
– Provides efficient, controlled, and secure sharing of network g
resources
• Virtual networks
– External networks: Several local networks administered by 
software as a single entity
– Internal networks: One system using virtual machines or 
zones that are configured over at least one pseudonetwork 
interface
Planning for Oracle Solaris Zones
Network virtualization is the process of combining hardware network resources and software 
network resources into a single administrative unit The goal of network virtualization is to
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
network resources into a single administrative unit. The goal of network virtualization is to 
provide systems and users with efficient, controlled, and secure sharing of the networking 
resources.
The end product of network virtualization is the virtual network. Virtual networks are classified 
into two broad types: external and internal. External virtual networks consist of several local 
networks that are administered by software as a single entity. The building blocks of classic 
external virtual networks are switch hardware and VLAN software technology. Examples of 
t l i t l t k i l d l t t k d d t texternal virtual networks include large corporate networks and data centers.
An internal virtual network consists of one system using virtual machines or zones that are 
configured over at least one pseudonetwork interface. These containers can communicate 
with each other as though they are on the same local network, thus providing a virtual network 
on a single host. The building blocks of the virtual network are virtual network interface cards 
or virtual NICs (VNICs) and virtual switches. Oracle Solaris network virtualization provides the 
internal virtual network solution, which will be in focus in this course.,
Oracle Solaris 11 Advanced System Administration 6 - 6
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ssp
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Virtual Network Components
System
VNIC 1 VNIC 2 VNIC 3
Zone 1 Zone 2 Zone 3
Virtual Switch
NIC
Switch
Internet
An internal virtual network built on Oracle Solaris consists of the following components:
• At least one network interface card (NIC)
• A virtual NIC (VNIC) which is configured on top of the network interface The VNIC is a
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
• A virtual NIC (VNIC), which is configured on top of the network interface. The VNIC is a 
virtual network device with the same datalink interface as a physical interface. 
• A virtual switch, which is configured at the same time as the first VNIC on the interface. 
The virtual switch provides the same connectivity between VNICs on a virtual network 
that switch hardware provides for the systems connected to a switch’s ports. 
• A container, such as a zone or virtual machine, which is configured on top of the VNIC 
The graphic in the slide shows these components and how they fit together on a singleThe graphic in the slide shows these components and how they fit together on a single 
system. The single system has one NIC. The NIC is configured with three VNICs. Each VNIC 
supports a single zone. Therefore, Zone 1, Zone 2, and Zone 3 are configured over VNIC 1, 
VNIC 2, and VNIC 3, respectively. The three VNICs are virtually connected to one virtual 
switch. This switch provides the connection between the VNICs and the physical NIC upon 
which the VNICs are built. The physical interface provides the system with its external 
network connection.
Alternati el o can create a irt al net ork based on the etherst b Etherst bs are p relAlternatively, you can create a virtual network based on the etherstub. Etherstubs are purely 
software and do not require a network interface as the basis for the virtual network. In this 
lesson, you learn how to create a virtual network by using an etherstub.
Oracle Solaris 11 Advanced System Administration 6 - 7
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Introducing Zone Configuration by Using VNICs
• Step 1: Create the 
virtual switch or 
etherstub.
• Step 2: Create the 
System
Zone 1 Zone 2 Zone 3p
VNICs.
• Step 3: Configure the 
zones to use the 
VNICs.
VNIC 1 VNIC 2 VNIC 3
Virtual Switch
Zone 1 Zone 2 Zone 3
To configure zones to use a virtual network, the first step is to create your virtual network by 
creating the virtual switch or etherstub. The second step is to create the VNICs over the 
switch or etherstub. After you have the VNICs created, the third step is to configure your 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
zones to use the VNICs.
Oracle Solaris 11 Advanced System Administration 6 - 8
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Allocating System Resources to a Zone
To allocate system resources to a zone, perform the following 
steps:
• Specify a subset of the system’s processors that should be 
dedicated to a zone while it is running.g
• Limit the amount of CPU resources that can be consumed 
by a zone.
• Control the allocation of available CPU resources among 
zones, based on their importance.
• Limit the amount of physical memory• Limit the amount of physical memory.
After a zone is running, the zone and the applications that are running within it consume a 
percentage of the system’s CPU, physical memory, and process resources. The resource 
usage by a zone is based on its workload. The workload can increase or decrease based on 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
several factors. By monitoring zone resource usage, a system administrator can determine if a 
zone is utilizing too much of a system’s resources, the type of resource being used, and when 
the impact to the system is occurring, that is, on a regular basis or on a periodic basis.
As a system administrator, if you know where, when, and why the resource impacts are 
happening, you can allocate or control the system resources that are being used by doing the 
following: 
• Specify a subset of the system’s processors that should be dedicated to a zone while it• Specify a subset of the system s processors that should be dedicated to a zone while it 
is running.
• Limit the amount of CPU resources that can be consumed by a zone.
• Control the allocation of available CPU resources among zones, based on their 
importance.
• Limit the amount of physical memory.
Oracle Solaris 11 Advanced System Administration 6 - 9
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Managing System Resource Allocation to a Zone
System resource allocation to a zone can be controlled by:
• Resource pools: Used primarily to manage CPU usage
• Resource capping: Used to regulate physical memory 
consumptionconsumption
• Process scheduling: Used to control the allocation of 
available CPU resources to processes 
There are various ways to manage the allocation of system resources to a zone. For example, 
you can use resource pools to manage CPU usage, resource capping to regulate physical 
memory consumption, and process scheduling to control the allocation of available CPU 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
resources to processes.
Note: Process scheduling is controlled by the process scheduler. The scheduler supports the 
use of scheduling classes, which, in turn, are used to define a scheduling policy that is used 
to schedule processes with a scheduling class. In the Oracle Solaris operating system, the 
default TimeSharing scheduler (TS) tries to give every process relatively equal access to the 
available CPUs. However, you can specify that certain processes should be given more 
resources than others by using the fair share scheduler (FSS) which controls the allocation ofresources than others by using the fair share scheduler (FSS), which controls the allocation of 
the available CPU resources among workloads, based on their importance. This importance 
is expressed by the number of shares of CPU resources that you assign to each workload.
This lesson focuses on using resource pools and resource capping to manage zone resource 
allocation. Process scheduling is presented in detail in the lesson titled “Managing Processes 
and Priorities.”
Oracle Solaris 11 Advanced System Administration 6 - 10
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
As part of planning, the resource allocations for each zone should be identified, along with 
how the resource allocations will be managed (for example, through resource pools or 
resource capping). If resource allocations for the zones cannot be determined at the time of 
planning (primarily because of insufficient zone resource usage statistics), they can be set at 
a later time. 
Now you take a closer look at how you can use resource pools and resourcecapping to 
manage your zone’s resource allocations.
Oracle Solaris 11 Advanced System Administration 6 - 11
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Resource Pool Allocation
• SMF supports two resource pool services:
– Default resource pool service 
svc:/system/pools:default
– Dynamic resource pool service y p
svc:/system/pools/dynamic:default
• Resource pool services are disabled by default.
• To allocate a resource pool to a zone, you must:
– Enable the two resource pool services
– Create a pool configuration file and save it in the defaultCreate a pool configuration file and save it in the default 
configuration file /etc/pooladm.conf
– Modify the pool configuration file to specify a subset of the 
system’s processors that should be dedicated to a zone
– Bind the resource pool to the zone
Resource pools enable you to separate workloads so that workload consumption of certain 
resources does not overlap. This resource reservation helps to achieve predictable 
performance on systems with mixed workloads. There are two types of resource pool services 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
in the Oracle Solaris service management facility (SMF) that reside on the system: the default 
resource pool service (svc:/system/pools:default), and the dynamic resource pool 
service (svc:/system/pools/dynamic:default), which is dependent on the default 
pool service. By default, neither of these services is active. 
To allocate a resource pool to a zone, you must first enable these services and create a pool 
configuration file for the current pool configuration that you save in the default 
/etc/pooladm conf configuration file This file which is in XML format contains a/etc/pooladm.conf configuration file. This file, which is in XML format, contains a 
description of the pools to be created on the system and the elements that can be 
manipulated: system, pool, pset (processor set) and cpu. This configuration file is referred to 
as the static configuration file. After you have created and saved the pool configuration file, 
you can modify it to specify a subset of the system’s processors that should be dedicated to a 
zone while it is running. The static configuration file now matches the current dynamic 
configuration that represents the way you want the system to be configured with respect to 
how the resource pool or pools will function After you have modified the pool configuration filehow the resource pool or pools will function. After you have modified the pool configuration file 
and saved the changes, you must allocate or bind the zone to the resource pool.
Oracle Solaris 11 Advanced System Administration 6 - 12
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
How Resource Pools Work
• Oracle Solaris software boots.
• The initialization SMF service checks for the 
/etc/pooladm.conf file.
• If the file exists pooladm makes the configuration theIf the file exists, pooladm makes the configuration the 
active pools’ configuration.
• The system creates the dynamic configuration.
• Resources are allocated and monitored by the pools’ 
resource controller (poold).
When the Oracle Solaris software boots, an SMF service checks to see if the 
/etc/pooladm.conf file exists. If this file is found and the pools are enabled, the pooladm 
command is invoked to make this configuration the active pools’ configuration. The system 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
creates a dynamic configuration to reflect the organization that is requested in 
/etc/pooladm.conf, and the machine’s resources are allocated accordingly.
Note: The pooladm command is used to activate and deactivate the resource pools facility. 
The pools resource controller, poold, is started with the dynamic resource pools facility. This 
system daemon should always be active when dynamic resource allocation is required. The 
poold resource controller identifies available resources and monitors workloads to determine 
h t bj ti l b i t Th t ll th idwhen system usage objectives are no longer being met. The controller then considers 
alternative configurations in terms of the objectives, and remedial action is taken. If possible, 
the resources are reconfigured so that the objectives can be met. If this action is not possible, 
the daemon logs that the user-specified objectives can no longer be achieved. Following a 
reconfiguration, the daemon resumes monitoring workload objectives.
Now that you have a better idea of how resource pools are used to control zone resource 
allocations, you will look at memory resource capping.y y g
Oracle Solaris 11 Advanced System Administration 6 - 13
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Memory Resource Capping
• Resource capping is controlled by the rcapd daemon.
• The rcapd daemon repeatedly samples the resource 
utilization of projects that have physical memory caps. 
• The sampling interval is specified by the administratorThe sampling interval is specified by the administrator. 
• When physical memory utilization thresholds are 
exceeded, the daemon reduces the resource consumption 
with memory caps.
If there is a memory resource conflict with the zones on your system, you can control the 
amount of memory that is allocated to each zone with resource capping. Resource capping is 
controlled by the rcapd daemon. The rcapd daemon repeatedly samples the resource 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
utilization of projects in zones that have physical memory caps. The sampling interval that is 
used by the daemon is specified by the administrator. When the system’s physical memory 
utilization exceeds the threshold for cap enforcement, and when other conditions are met, the 
daemon takes action to reduce the resource consumption of projects with memory caps to 
levels at or below the caps.
Note: You can use the rcapadm command without arguments to display the current status of 
the resource capping daemonthe resource capping daemon.
For more information about resource capping and the rcapd daemon, see “Administering the 
Resource Capping Daemon” in the Oracle Solaris Administration: Oracle Solaris Zones, 
Oracle Solaris 10 Zones, and Resource Management guide.
Oracle Solaris 11 Advanced System Administration 6 - 14
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Specifying Resource Capping Within a Zone
• The capped-memory resource sets limits for physical, 
swap, and locked memory.
• At least one limit must be set.
• The rcapd daemon and rcap service must be up andThe rcapd daemon and rcap service must be up and 
running.
To allocate the maximum amount of memory that can be consumed by a specified zone and 
have it as a persistent cap, you can use the capped-memory resource. This resource sets 
limits for physical, swap, and locked memory. Each limit is optional, but at least one must be 
Copyright © 2013,Oracle and/or its affiliates. All rights reserved.
set.
Note: You can specify a temporary resource cap for a zone by using the rcapadm command; 
however, this setting lasts only until the next reboot. For example, to set a maximum memory 
value of 512 MB for the hrzone zone, you use the following command: 
# rcapadm -z hrzone -m 512M
To use the capped-memory resource, the rcapd daemon and its associated service (rcap) 
must be up and running. These system facilities provide the capability to use the capped-
memory option.
In this lesson, you learn how to set a persistent cap for a zone. In the lesson titled “Evaluating 
System Resources,” you learn how to configure resources at the system level. 
Oracle Solaris 11 Advanced System Administration 6 - 15
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Implementing Controls on Network Resources
• Increase the efficiency of 
virtual networks with 
resource controls.
• Use resource controls to:
Global Zone
hrzone
192.168.3.20
itzone
192.168.3.22
Exclusive IP
Packets
System
– Share bandwidth among 
VNICs
– Customize link properties
– Create flows
Virtual Switch
vnic1
192.168.3.20
vnic2
192.168.3.22
Packets
Packets
Local network 192.168.3.0
e1000g0
192.168.3.70
Packets
When a virtual network is configured, a zone sends traffic to an external host in the same 
fashion as a system without a virtual network. Traffic flows from the zone, through the VNIC to 
the virtual switch, and then to the physical interface, which sends the data out onto the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
network. 
To increase efficiency on your virtual network, you can implement controls to determine how 
resources are being used by the networking processes. Resource control is the process of 
allocating a system’s resources in a controlled fashion. The resource control features of 
Oracle Solaris enable bandwidth to be shared among the VNICs on a system’s virtual 
network. Link properties that are specifically related to network resources, such as rings, 
CPUs and so on can be customized to process network packets In addition you can alsoCPUs, and so on, can be customized to process network packets. In addition, you can also 
create flows to manage network usage.
Oracle Solaris 11 Advanced System Administration 6 - 16
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Managing Virtual Network Resources 
by Using Flowsby Using Flows
• Flows are created on a per-VNIC basis.
• Flows are used to categorize network packets.
• Flows define and isolate packets with similar 
characteristicscharacteristics.
• Flows can be assigned specific resources. 
• Bandwidth is assigned based on the usage policy for the 
system.
Resource management for the virtual network involves creating flows on a per-VNIC basis.
A flow is a customized way of categorizing network packets to further control how resources 
are used to process these packets. These flows define and isolate packets with similar 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
characteristics, such as the port number or IP address of the sending host. Packets that share 
an attribute constitute a flow and are labeled with a specific flow name. Specific resources can 
then be assigned to the flow. You assign bandwidth based on the usage policy for the system.
Oracle Solaris 11 Advanced System Administration 6 - 17
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating Flows and Selecting Flow Properties
• Flows are created according to attributes.
• Attributes are classifications that are used to organize 
network packets into a flow. 
• Flows use properties to control resources:Flows use properties to control resources:
– maxbw: Maximum amount of a link’s bandwidth that packets 
identified with this flow can use
– priority: Priority given to the packets in a flow:
— Options: high, medium, or low
— Default: medium
Creating and Implementing Flows
Flows are created according to the attribute that you determined for each flow. An attribute is 
a classification that you use to organize network packets into a flow For example an IP
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
a classification that you use to organize network packets into a flow. For example, an IP 
address or transport protocol, such as TCP, can be used as an attribute. When you create a 
flow, you identify an attribute as well as a name for the flow. 
Flows also have properties that are used to control resources. Currently, there are only two 
flow properties that can be set:
• Maxbw: The maximum amount of the link’s bandwidth that packets identified with this 
flow can use. The value you set must be within the allowed range of values for the link’s 
bandwidth. 
• Priority: The priority given to the packets in this flow. The possible values are high, 
medium, and low; medium is the default value.
In the section titled “Allocating and Managing System Resources in a Zone,” which will be 
covered later in this lesson, you learn how to manage virtual network resources by using a 
flow.
Oracle Solaris 11 Advanced System Administration 6 - 18
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Implementing the Virtual Network and Zones Plan
Your assignment is to:
• Create a virtual network
• Configure zones to use VNICs
• Allocate resources to a zone• Allocate resources to a zone
• Manage network resources by using flows
Implementing the Data Storage Management Plan
It is now time to test the virtual network functionality in Oracle Solaris 11. Your assignment is 
to create a virtual network and then configure zones to use the virtual network interfaces that
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
to create a virtual network, and then configure zones to use the virtual network interfaces that 
you have created as part of the virtual network. Next, you allocate resources to a zone by 
using resource pools. Your last task is to test managing the network resources by using flows. 
In the sections that follow, you learn the commands that you need to perform these tasks.
Oracle Solaris 11 Advanced System Administration 6 - 19
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
A VNIC is a virtual network device with the same datalink 
interface as a physical interface. 
a. True
b Falseb. False
Answer: a
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 20
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 ON
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
In which order is a virtual network created?
a. Virtual switch, VNICs, zones
b. Zones, VNICs, virtual switch
c VNICs virtual switch zonesc. VNICs, virtual switch, zones
Answer: a
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 21
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
Which two properties do flows use to control resources?
a. speed and mtu
b. maxbw and priority
c flowctrl and thresholdc. flowctrl and threshold
Answer: b
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 22
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Lesson Agenda
• Planning for a Virtual Network and Zones
• Creating a Virtual Network
• Configuring Zones to Use VNICs
• Allocating and Managing System Resources in a Zone• Allocating and Managing System Resources in a Zone
• Managing Resources on the Virtual Network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 23
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating a Virtual Network
This section covers the following topics:
• Creating a virtual network switch 
• Creating the virtual network interfaces
• Displaying the virtual network configuration• Displaying the virtual network configuration
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 24
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating a Virtual Network Switch
To create an etherstub, use dladm create-etherstub 
etherstub.
# dladm create-etherstub stub0
To verify the creation of the etherstub, use dladm show 
link.
# dladm show-link
LINK CLASS MTU STATE BRIDGE OVER
net0 phys 1500 upnet0 phys 1500 up -- --
net1 phys 1500 unknown -- --
net2 phys 1500 unknown -- --
net3 phys 1500 unknown -- --
stub0 etherstub 9000 unknown -- --
An ethernet stub can be used instead of a physical NIC to create VNICs. VNICs that are 
created on an etherstub will appear to be connected through a virtual switch, allowing 
complete virtual networks to be built without physical hardware. The VNICs over an etherstub 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
become independent of the physical NICs in the system. You can use etherstubs to isolate 
the virtual network from the rest of the virtual networks in the system, as well as the external 
network to which the system is connected. 
You cannot use an etherstub just by itself. Instead, you use VNICs with an etherstub to create 
the private or isolated virtual networks. You can create as many etherstubs as you require. 
You can also create as many VNICs over each etherstub as required.
To create an etherstub use the dl d t th t b command followed by theTo create an etherstub, use the dladm create-etherstub command followed by the 
etherstub name. In the example, you are creating the etherstub stub0.
To confirm the creation of the etherstub, you can use the dladm show-link command, as 
shown in the example in the slide. Here, you can see that stub0 has been created and that 
its current state is unknown.
Oracle Solaris 11 Advanced System Administration 6 - 25
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating the Virtual Network Interfaces
To create a VNIC and attach it to the etherstub, use dladm 
create-vnic –l etherstub vnic.
# dladm create-vnic -l stub0 vnic0
# dl d t i l t b0 i 1# dladm create-vnic -l stub0 vnic1
# dladm create-vnic -l stub0 vnic2
After you have created the etherstub, you can create the VNICs and attach them to the 
etherstub by using the dladm create-vnic command followed by the -l option, the 
etherstub name, and the VNIC name, as shown in the first example in the slide. The -l option 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
precedes the link, which can be either a physical link or an etherstub.
Note: vnic0 is required for the virtual switch. The other VNICs (vnic1 and vnic2) are for 
use with the zones that will be created.
Oracle Solaris 11 Advanced System Administration 6 - 26
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Displaying the Virtual Network Configuration
To display the virtual network configuration, use dladm show-
vnic.
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VIDLINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic0 stub0 0 2:8:20:70:d0:f8 random 0
vnic1 stub0 0 2:8:20:80:65:0 random 0
vnic2 stub0 0 2:8:20:1f:c5:bd random 0
To verify that the VNICs are created and to display the virtual network configuration, you can 
use the dladm show-vnic command, as shown in the example in the slide. The dladm
show-vnic command is used to show the VNIC configuration information for all VNICs, all 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
VNICs on a link, or only a specified vnic-link. The output for this command displays the 
name of the link (LINK), the name of the physical link over which the VNIC is configured 
(OVER), the maximum speed of the VNIC [in megabits per second (SPEED)], the MAC address 
of the VNIC (MACADDRESS), the MAC address type of the VNIC (MACADDRTYPE) that can be 
either a random address assigned to the VNIC (random) or a factory MAC address used by 
the VNIC (factory), and the VLAN identifier (VID). The etherstub or virtual switch uses the 
VLAN identifier to determine the interface to send a data packet to. p
In this example, all the VNICs have been configured over etherstub stub0. Currently, there is 
no data passing through the links, so there is no speed being recorded. The MAC addresses 
are present for each VNIC and they have all been randomly assigned. There is one VLAN 
and it is identified with VID 0.
Oracle Solaris 11 Advanced System Administration 6 - 27
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r the
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
The Virtual Network Configuration So Far
System
VNIC 1 VNIC 2
Etherstub
The graphic in the slide illustrates what the virtual network configuration looks like so far. 
There is the etherstub, and two VNICs connected to the switch.
Now that you have created the network, you are ready to configure your zones on top of this
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Now that you have created the network, you are ready to configure your zones on top of this 
network. You will look at how to do this in the subsequent slides.
Oracle Solaris 11 Advanced System Administration 6 - 28
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
Which utility is used to create virtual switches and VNICs?
a. lnkadm
b. dladm
c vniccfgc. vniccfg
d. dlcfg
Answer: b
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 29
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
You have created an etherstub called stub2. You now want to 
create vnic1 and attach it to stub2. Which set of commands 
do you use to do this?
a. # dladm create-vnic1
b. # dladm create-vnic -l vnic1
c. # dladm create-vnic -l stub2 vnic0
d. # dladm create-vnic -l stub2 vnic1
Answer: c
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 30
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Practice 6-1 Overview: 
Creating an Oracle Solaris 11 Virtual NetworkCreating an Oracle Solaris 11 Virtual Network
This practice covers the following topics:
• Creating a virtual network switch
• Creating the virtual network interfaces
• Displaying the virtual network configuration• Displaying the virtual network configuration
The practices for this lesson are designed to reinforce the concepts that have been presented 
in the lecture portion. These practices cover the following tasks:
• Practice 6-1: Creating an Oracle Solaris 11 virtual network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
act ce 6 C eat g a O ac e So a s tua et o
• Practice 6-2: Creating two zones by using VNICs
• Practice 6-3: Allocating resources to zones
• Practice 6-4: Managing the virtual network data flow
• Practice 6-5: Removing part of the virtual network
Practice 6-1 should take about 10 minutes to complete.
Oracle Solaris 11 Advanced System Administration 6 - 31
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Lesson Agenda
• Planning for a Virtual Network and Zones
• Creating a Virtual Network
• Configuring Zones to Use VNICs
• Allocating and Containing System Resources to a Zone• Allocating and Containing System Resources to a Zone
• Managing Resources on the Virtual Network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 32
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Configuring Zones to Use VNICs
This section covers the following topics:
• Configuring the zone
• Displaying a zone configuration
• Checking the virtual network configuration for a zone• Checking the virtual network configuration for a zone
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 33
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Zone Configuration Process: Overview
Plan the zone strategy.
Exit the zone configuration 
utility.
Start
Create a ZFS file system for 
the zones in rpool.
Configure the zone.
C l t i iti l i t l
Install the zone.
Boot the zone.
Verify and commit the zone 
configuration.
Complete initial internal 
zone configuration.
End
Before configuring a zone or zones to use VNICs, you should know what your company’s 
zone strategy is. That is, how many zones will you create and what type of virtual network 
setup will you use? You need to create a ZFS file system for the zones in the root file 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
system (rpool). You then configure the zone or zones. During zone configuration, you 
identify the VNIC that you want to use for the zone. After completing the configuration, you 
verify and then commit it. Next, you exit the zone, install it, and boot it. Finally, you return to 
the zone, log in, and complete the initial internal zone configuration.
Note: To configure additional zones to use other VNICs, you follow the same basic steps. 
You now walk through each of these steps, beginning with planning the zone strategy.
Oracle Solaris 11 Advanced System Administration 6 - 34
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Planning the Zone Strategy
• Virtual network configuration: etherstub stub0 with two 
VNICs (vnic1 and vnic2)
• Two zones: hrzone and itzone
• Zone paths: /zones/hrzone; /zones/itzoneZone paths: /zones/hrzone; /zones/itzone
• IP type: exclusive-IP
• VNIC to zone association: vnic1 for hrzone; vnic2 for 
itzone
Suppose that you have been tasked with creating two zones over a virtual network. Your 
strategy is to create the virtual network first, which you have already done, and then create 
the zones. As part of your zones configuration planning, you have identified the following 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
information:
• Zone names: The zone name must be unique. You use the names hrzone and 
itzone to create your zones.
• Zone paths: Each zone requires a path to its root directory that is relative to the global 
zone’s root directory. You are creating a file system called zones as part of rpool, and 
then you create two other file systems under zones, one to contain hrzone and one to 
contain itzone The two zone paths should look like this respectively:contain itzone. The two zone paths should look like this, respectively: 
/zones/hrzone and /zones/itzone.
• IP type: To use VNICs, a zone must be configured as an exclusive IP zone.
• Specific VNIC to be associated with the zone: You usevnic1 for hrzone and 
vnic2 for itzone.
Now that you know what your zone strategy is, your next step is to create the ZFS file system 
structure for your zonesstructure for your zones.
Oracle Solaris 11 Advanced System Administration 6 - 35
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating a ZFS File System for Zones in rpool
To create a ZFS file system for zones in rpool, use zfs 
create -o mountpoint=/zones rpool/zones.
# zfs create -o mountpoint=/zones rpool/zones
To verify that the file system exists and that it has been 
mounted, use zfs list rpool/zones.
# zfs list rpool/zones
NAME USED AVAIL REFER MOUNTPOINT
rpool/zones 31K 22.6G 31K /zones
The first ZFS file system that you want to create in rpool is a file system that will contain all 
the individual zones’ file systems. Typically, this file system is called zones. To create this file 
system, use the zfs create command with the -o option (to specify the mountpoint
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
property), followed by the mountpoint property value (mountpoint=/zones) and the file 
system name (rpool/zones), as shown in the first example in the slide.
You can then verify that the file system has been created and mounted by using the zfs
list command followed by the file system name, as shown in the second example.
You will create the zone-specific file system during zone configuration.
Oracle Solaris 11 Advanced System Administration 6 - 36
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Configuring the Zone 
To configure a zone, use zonecfg -z zonename.
# zonecfg -z hrzone
hrzone: No such zone configured
Use 'create' to begin configuring a new zone.Use create to begin configuring a new zone.
zonecfg:hrzone> create
create: Using system default template ‘SYSdefault’
zonecfg:hrzone> set zonepath=/zones/hrzone
zonecfg:hrzone> set autoboot=true
zonecfg:hrzone> add net
zonecfg:hrzone:net> set physical=vnic1
zonecfg:hrzone:net> end
zonecfg:hrzone>
The zonecfg command is used to create the zone configuration. You must be a superuser or 
have the appropriate rights profile to configure a zone. To perform the configuration, use the 
zonecfg command with the -z option to specify the name of the zone, followed by the zone 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
name, as shown in the example. After you enter the command, and if you are configuring a 
new zone, you see the following message: “No such zone configured. Use 'create' to
begin configuring a new zone.” 
The next step is to enter create. This enables you to create the new zone configuration by 
setting specific properties, such as the zone path, the IP type, and the network type. 
Note: The IP type is set to exclusive by default. To set it to shared, use the set ip-
t h d commandtype=shared command.
Then you set the zone path by using the set zonepath= command followed by the zone 
name (for example, /zones/hrzone). 
Next, you set autoboot to true by using set autoboot=true. This setting indicates that 
the zone should be booted automatically at system boot. At this point in the configuration, you 
specify that you want to add a network interface to the zone. To do this, use the add net 
commandcommand.
Oracle Solaris 11 Advanced System Administration 6 - 37
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Notice, in the example, that the zonecfg prompt for the zone that you are creating has been 
modified to include “net”: zonecfg:hrzone:net. Here, you can set the network physical
property to specify the VNIC that you want this zone to use by using set physical=
followed by the VNIC name (for example, set physical=vnic1). 
To stop work on the zone’s network configuration, enter the end command. You have 
completed the zone configuration.
Oracle Solaris 11 Advanced System Administration 6 - 38
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Verifying, Committing, and Exiting 
the New Zone Configurationthe New Zone Configuration 
# zonecfg -z hrzone
Use 'create' to begin configuring a new zone.
zonecfg:hrzone> create
zonecfg:hrzone> set zonepath=/zones/hrzone
zonecfg:hrzone> set autoboot=true
zonecfg:hrzone> set ip-type=exclusive
zonecfg:hrzone> add net
zonecfg:hrzone:net> set physical=vnic1
zonecfg:hrzone:net> end
zonecfg:hrzone> verify
zonecfg:hrzone> commitzonecfg:hrzone> commit
zonecfg:hrzone> exit
#
After you complete your zone configuration, you need to verify that all the required information 
is present. You do this by using the verify command, as shown in the example in the slide. 
If all the required information is not present, the system will notify you, in which case you will 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
need to review your configuration to determine what is missing. If no messages are displayed, 
you can continue to the next step, which is to commit the configuration. The commit
command takes the configuration from memory and puts it into permanent storage.
After the zone configuration is committed, you can exit the zone configuration session by 
using the exit command.
Note: To configure, verify, commit, and exit itzone as per your zone strategy, you repeat the 
t th t j t dsteps that you just covered.
Oracle Solaris 11 Advanced System Administration 6 - 39
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Displaying a Zone Configuration
To display a zone configuration, use zonecfg -z zonename
info.
# zonecfg -z hrzone info
zonename: hrzone
zonepath: /zones/hrzonep
brand: solaris
autoboot: true
file-mac-profile:
bootargs: 
pool: 
limitpriv: 
scheduling-class: 
ip-type: exclusive
hostid: 
fs-allowed: 
net:
address not specified
allowed-address not specified
physical: vnic1
defrouter not specified
<continued on next slide>
After you have finished your zone configuration, it is a good practice to review your zone 
configuration before you install the zone. To display a zone configuration, use the zonecfg -
z command followed by the zone name and the info subcommand, as shown in the slide. 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Verify that you have set the zone path, IP type, and network interface properties correctly.
Oracle Solaris 11 Advanced System Administration 6 - 40
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Displaying a Zone Configuration
<continued from previous slide> 
anet:linkname: net0
lower-link: auto
allowed-address not specified
configure-allowed-address: true
defrouter not specified
allowed-dhcp-cids not specified
link-protection: mac-nospoof
mac-address: random
mac-prefix not specified
mac-slot not specified
vlan-id not specified
priority not specified
rxrings not specified
txrings not specified
mtu not specified
maxbw not specifiedmaxbw not specified
rxfanout not specified
vsi-typeid not specified
vsi-vers not specified
vsi-mgrid not specified
etsbw-lcl not specified
cos not specified
pkey not specified
linkmode not specified
This slide shows the continuation of the zonecfg –z hrzone info command example.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 41
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Verifying That a Zone Is in configured State
To list all configured and running zones on the system, use 
zoneadm list –cv.
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP 
0 global running / solaris shared
- hrzone configured /zones/hrzone solaris excl 
- itzone configured /zones/itzone solaris excl 
You are now ready to install the zone. But, before you do that, it is a good idea to confirm that 
the zone is in the configured state. You can use the zoneadm list -cv command to see 
all configured and running zones on a system, as shown in the example in the slide. Both the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
zones that you have created, hrzone and itzone, have a status of configured.
You can now install the configured zones. 
Oracle Solaris 11 Advanced System Administration 6 - 42
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Gathering Information for 
the System Configuration Profilethe System Configuration Profile
• Computer Name: hrzone
• Wired Ethernet Network Configuration: Manually
• IP address of the zone: 192.168.1.100
• DNS Name service: Do not configure DNS• DNS Name service: Do not configure DNS
• Alternate Name Service: None
• Time Zone, Region, and Location: Use your local region.
• Netmask of the IP address: 255.255.255.0
• Users, username, and passwordp
After you have verified that the zone is in the configured state, you need to create a system 
configuration profile for the zone, which utilizes the System Configuration Tool (sysconfig, 
for short). The system configuration profile specifies the default locale and time zone, the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
zone’s root password, a naming service to use, and other aspects of the application 
environment, to include (but not limited to) the following:
• The computer name of the zone (for example, hrzone)
• IP address of the zone, which is based on the IP address of the zone’s VNIC
• Netmask of the IP address
You need to gather this information before creating the system configuration profile. Most of g g y g
the information is supplied by selecting from a list of choices. Typically, the default options are 
enough unless your system configuration requires otherwise. After you have supplied the 
required information for the zone, the zone is restarted.
This slide presents a sample of the type of information that you need to complete the system 
configuration profile.
Oracle Solaris 11 Advanced System Administration 6 - 43
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Creating the System Configuration Profile
# sysconfig create-profile –o /opt/ora/data/hrconf.xml
To create the system configuration profile, use sysconfig 
create-profile –o pathname.
<prompt sequence omitted>
Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log
To create a system configuration profile for a zone, use the sysconfig create-profile –
o command followed by the path name of the location in which you want the profile to reside, 
as shown in the example in the slide. Using the configuration information that you gathered 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
previously, respond to each of the prompts that are presented. When you have finished, you 
will be exited from the System Configuration Tool.
Oracle Solaris 11 Advanced System Administration 6 - 44
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Installing the Zone
To install a zone, use zoneadm -z zonename install -c 
profile_pathname.
# zoneadm -z hrzone install –c /opt/ora/data/hrconf.xml
A ZFS file system has been created for this zone.
Publisher: Using solaris (http://server1.mydomain.com/ ).
Image: Preparing at /zones/hrzone/root.
Sanity Check: Looking for 'entire' incorporation.
...
Done: Installation completed in 356.558 seconds.
After you have created the system configuration profile, you are ready to install the zone. To 
install a zone, use the zoneadm -z command followed by the zone name, the install -c
subcommand, and the path name to the system configuration profile, as shown in the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
example in the slide. 
The installation process automatically creates a ZFS file system (data set) for the zone path 
when the zone is installed. If the file system cannot be created, the zone is not installed. The 
installation process also verifies the specified publisher and downloads the zone installation 
packages from IPS. This process normally takes about three to five minutes per zone.
Oracle Solaris 11 Advanced System Administration 6 - 45
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Booting the Zone
# zoneadm list -iv
ID NAME STATUS PATH BRAND IP 
To list all running and installed zones on the system, use 
zoneadm list -iv.
0 global running / solaris shared
- hrzone installed /zones/hrzone solaris excl 
- itzone installed /zones/itzone solaris excl 
To boot a zone, use zoneadm -z zonename boot.
# zoneadm -z hrzone boot
# d it b t# zoneadm -z itzone boot
# zoneadm list -v
ID NAME STATUS PATH BRAND IP 
0 global running / solaris shared
1 hrzone running /zones/hrzone solaris excl 
2 itzone running /zones/itzone solaris excl 
The next step is to boot the zone. But, before you do that, it is a good idea to confirm that the 
zone is in the installed state. You can use the zoneadm list -civ command to see all 
the running and installed zones on a system, as shown in the first example in the slide. As 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
you can see, both hrzone and itzone have a status of installed.
You can now boot the installed zones.To boot a zone, use the zoneadm -z command 
followed by the zone name and the boot subcommand, as shown in the second example. 
To verify that a zone is in running state, you can run the zoneadm list -v command, as 
shown in the second part of the second example. Note that the two non-global zones now 
have assigned IDs.
Oracle Solaris 11 Advanced System Administration 6 - 46
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Checking the Virtual Network 
Configuration in a ZoneConfiguration in a Zone
To display the network interface address information for a zone, 
log in to the zone, and then use ipadm show-addr.
# zlogin hrzone
[Connected to zone 'hrzone' pts/2][ p / ]
Oracle Corporation SunOS 5.11 11.0 November 2011
root@hrzone:~# ipadm show-addr
ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
vnic1/v4 static ok 192.168.1.100/24
lo0/v6 static ok ::1/128
vnic1/v6 addrconf ok fe80::8:20ff:fe43:7986/10
Now you learn how to check the virtual network configuration in a zone. First, you need to log 
in to the zone. Log in to hrzone. To do this, use the zlogin command again, followed by the 
zone name, as shown in the example in the slide. After you are logged in, you can use the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
ipadm show-addr command to see the network interface address information for the zone. 
Here, you can see the IP address assignment of 192.168.1.100 that you made for the net0
network interface while creating the system configuration profile. You can also see the type 
and state of the interface.
Oracle Solaris 11 Advanced System Administration 6 - 47
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Verifying That a Zone’s Virtual Network 
Interface Connection Is OperationalInterface Connection Is Operational
To verify that a zone’s virtual network interface connection is 
operational, use ping and an IP address.
root@hrzone:~# ping 192.168.1.200
192 168 1 200 is alive192.168.1.200 is alive
To verify that a zone’s virtual network interface connection is operational, ping an IP address 
from within the zone. In the example, you are pinging the IP address for the second zone that 
was created, itzone. As you can see from the output, the virtual network that connects these 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
two zones is operational.
Oracle Solaris 11 Advanced System Administration 6 - 48
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Virtual Network Configuration
Global Zone
hrzone
192 168 1 100
itzone
192 168 1 200
System
Etherstub
192.168.1.100 192.168.1.200
vnic1
192.168.1.100
vnic2
192.168.1.200
Local network 192.168.0.0
e1000g0
192.168.0.112
The graphic in the slide illustrates what the final virtual network configuration looks like. You 
have two zones, hrzone and itzone, each with a dedicated or exclusive IP address. The 
hrzone zone is using vnic1 as its network interface, and itzone is using vnic2 as its 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
network interface. The VNICs are using etherstub stub0.
Oracle Solaris 11 Advanced System Administration 6 - 49
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Removing the Virtual Network 
Without Removing the ZonesWithout Removing the Zones
1. Verify the state of the configured zones.
2. Halt the exclusive IP zones.
3. Verify that the zones have been halted.
4 List the VNICs that were configured for the halted zones4. List the VNICs that were configured for the halted zones.
5. Delete the VNICs.
If you find that you need to use the zones that you have created in a different configuration, or 
if you need to move the zones to a different zone path or migrate them to another network, 
you must disable the zone’s virtual network while keeping the zones intact.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Note: This procedure assumes that you are running a virtual network that consists of 
exclusive IP zones.
The steps for removing a virtual network without removing the zones are presented in the 
slide. You now take a closer look at how to complete each step, beginning with how to verify 
the state of the configured zones.
Oracle Solaris 11 Advanced System Administration 6 - 50
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Verifying the State of the Configured Zones
To verify the state of the configured zones, use zoneadm 
list –cv.
# zoneadm list -cv
ID NAME STATUS PATH BRAND IP 
0 global running / solaris shared
- hrzone running /zones/hrzone solaris excl 
- itzone running /zones/itzone solaris excl 
To verify the state of the currently configured zones on the system, use the zoneadm list 
command with the -cv option, as shown in the example in the slide. As you can see, hrzone
and itzone are currently running. You can also verify that both zones have exclusive IP 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
addresses. 
Oracle Solaris 11 Advanced System Administration 6 - 51
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Halting the Exclusive IP Zones
To halt the exclusive zones, use zoneadm –z zonename 
halt.
# zoneadm –z hrzone halt
# zoneadm –z itzone halt
After you have verified the status of the zones and that they are exclusive IP zones, you can 
halt each zone by using the zoneadm -z command followed by the zone name and the halt
subcommand, as shown in the example in the slide. When you halt a zone, you remove the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
zone’s application environment and terminate several system activities.
Note: You can also use the zoneadm –z zonename shutdown command to cleanly shut 
down a zone. Alternatively, for instructions on how to perform the same procedure by using 
the zlogin command, refer to the chapter titled “How to Use zlogin to Shut Down a Zone” 
in the Oracle Solaris Administration: Oracle Solaris Zones, Oracle Solaris 10 Zones, and 
Resource Management guide.
Oracle Solaris 11 Advanced System Administration 6 - 52
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xpre
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Verifying That the Zones Have Been Halted
To verify the state of the configured zones, use zoneadm 
list –iv.
# zoneadm list -iv
ID NAME STATUS PATH BRAND IP 
0 global running / solaris shared
- hrzone installed /zones/hrzone solaris excl 
- itzone installed /zones/itzone solaris excl 
To verify that the zones have been halted, use the zoneadm list -iv command, as shown 
in the example in the slide. Include the -i option to see all the installed zones on the system.
As you can see, hrzone and itzone have been returned to the installed state.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
As you can see, hrzone and itzone have been returned to the installed state.
Oracle Solaris 11 Advanced System Administration 6 - 53
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Listing the VNICs That Were Configured 
for the Halted Zones
# dladm show-vnic
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
for the Halted Zones
To list the VNICs that were configured for the halted zones, use 
dladm show-vnic.
LINK OVER SPEED MACADDRESS MACADDRTYPE VID
vnic0 stub0 1000 MBps 2:8:20:70:d0:f8 random 0
vnic1 stub0 1000 MBps 2:8:20:80:65:0 random 0
vnic2 stub0 1000 MBps 2:8:20:1f:c5:bd random 0
The next step is to list the VNICs that were configured for the halted zones. To do this, use 
the dladm show-vnic command, as shown in the example in the slide. You will recall that 
vnic0 is for the etherstub; so the two VNICs that you are interested in are vnic1 and 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
vnic2, which correspond to hrzone and itzone, respectively.
Oracle Solaris 11 Advanced System Administration 6 - 54
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Deleting the VNICs
To delete the VNICs, use dladm delete-vnic vnicname.
# dladm delete-vnic vnic0
# dladm delete-vnic vnic1
# dladm delete vnic vnic2# dladm delete-vnic vnic2
The final step is to delete the VNICs. This is done by using the dladm delete-vnic
command followed by the VNIC name, as shown in the example in the slide.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 55
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
After you have run the zonecfg -z zonename command, 
which command would you use to start the configuration of a 
new zone?
a. add zone
b. begin
c. create
d. start
Answer: c
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 56
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
To use VNICs, which IP type must a zone be configured as?
a. Shared-IP
b. Exclusive-IP 
c Either shared or exclusivec. Either shared or exclusive
Answer: b
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 57
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Quiz
You have created the configuration for a new zone. What is the 
next step?
a. Boot the new zone.
b Commit the configurationb. Commit the configuration.
c. Exit the configuration.
d. Verify the configuration.
Answer: d
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 58
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Practice 6-2: 
Creating Two Zones by Using VNICsCreating Two Zones by Using VNICs
This practice covers the following topics:
• Configuring two zones by using VNICs 
• Displaying the zone configuration, including the interfaces
This practice should take about 45 minutes to complete.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 59
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Lesson Agenda
• Planning for a Virtual Network and Zones
• Configuring a Virtual Network
• Configuring Zones to Use VNICs
• Allocating and Managing System Resources in a Zone• Allocating and Managing System Resources in a Zone
• Managing Resources on the Virtual Network
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 60
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Allocating and Managing System 
Resources in a ZoneResources in a Zone
This section covers allocating and managing the following:
• CPU resources with resource pools
• Physical memory resources with resource capping
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
Oracle Solaris 11 Advanced System Administration 6 - 61
O
ra
cl
e 
U
ni
ve
rs
ity
 a
nd
 (O
ra
cl
e 
C
or
po
ra
tio
n)
 u
se
 o
nl
y.
Th
es
e 
eK
it 
m
at
er
ia
ls
 a
re
 to
 b
e 
us
ed
 O
N
LY
 b
y 
yo
u 
fo
r t
he
 e
xp
re
ss
 p
ur
po
se
 S
EL
F 
ST
U
D
Y.
 S
H
AR
IN
G
 T
H
E 
FI
LE
 IS
 S
TR
IC
TL
Y 
PR
O
H
IB
IT
ED
.
Allocating and Managing CPU Resources 
with Resource Poolswith Resource Pools
• Enabling services for resource pools
• Configuring a persistent resource pool
• Binding the zone to a persistent resource pool
• Removing the resource pool configuration• Removing the resource pool configuration
To manage CPU consumption in a zone, you can use a resource pool. To do this, you must 
first enable pool services, configure the resource pool, and then bind the zone to the pool. 
When you no longer have the need to manage CPU usage in the zone, you can remove the 
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
resource pool. Next, you look at how to perform each of these tasks, beginning with enabling